CodeTracked since May 19, 2026

Enforce Ed25519 verification for plugin registry discovery

The PR replaces a no-op plugin-registry signature check with a real Ed25519 verification step and binds that check to the trusted pinned key from default registry config, so registry metadata can’t be accepted as valid unless it is actually cryptographically signed as expected. The discovery call site now waits for this result and, when verification fails under default `requireVerification`, falls back instead of treating the registry as trusted.

PluginDiscoveryService.discoverRegistryverifyRegistrySignatureverifyEd25519SignatureDEFAULT_PLUGIN_STORE_CONFIG

What Happened

The PR replaces a no-op plugin-registry signature check with a real Ed25519 verification step and binds that check to the trusted pinned key from default registry config, so registry metadata can’t be accepted as valid unless it is actually cryptographically signed as expected. The discovery call site now waits for this result and, when verification fails under default `requireVerification`, falls back instead of treating the registry as trusted.
The PR replaces a no-op plugin-registry signature check with a real Ed25519 verification step and binds that check to the trusted pinned key from default registry config, so registry metadata can’t be accepted as valid unless it is actually cryptographically signed as expected. The discovery call site now waits for this result and, when verification fails under default `requireVerification`, falls back instead of treating the registry as trusted.
1 evidence item attached for review.

What is Different

Before

Scattered source updates, isolated context, and manual follow-up across multiple feeds.

Now

Wired `transfer/ipfs/client.ts`’s `verifyEd25519Signature` into `v3/@claude-flow/cli/src/plugins/store/discovery.ts`, implemented proper registry canonicalization and key selection (`DEFAULT_PLUGIN_STORE_CONFIG`’s pinned key), and changed discovery flow control to await verification and fail-closed on signature failure.

Why Track This

Why It Matters

Plugin users and operators installing from the default ruflo registries become much less exposed to gateway tampering because a substituted registry payload can no longer pass as legitimate and trigger plugin installs carrying network/filesystem/hooks permissions. The path now verifies the downloaded registry with Ed25519 before trust is granted and only continues when valid, which blocks a key attack chain from compromised DNS/VPN/gateway routes into code execution via plugin loading. Continue monitoring for signature-format compatibility changes (JSON serialization/canonicalization), and validate that demo-registry fallback is safe and clearly signaled in production environments.

Impact

What To Watch Next

Watch whether PluginDiscoveryService.discoverRegistry becomes a repeated pattern.
Track follow-up changes around AI Security.
Compare future signals against this evidence trail.
Re-check risk flags: json_canonicalization_change_risk, signature_key_rotation_validation.

Open Topic Timeline Open Technical Event Open Original Sourcejson_canonicalization_change_risk / signature_key_rotation_validation / fallback_registry_security_behavior / verification_disabled_with_trusted_registries

Supporting Evidence

GITHUB PULL REQUESTHigh Trust

ruvnet/ruflo PR #1922: fix(security): plugin registry signature verification is a no-op (CWE-347)

Turns registry signature validation from an always-success stub into an enforceable signature check in plugin discovery.

Enforce Ed25519 verification for plugin registry discovery

PluginDiscoveryService.discoverRegistryverifyRegistrySignatureverifyEd25519SignatureDEFAULT_PLUGIN_STORE_CONFIG

What Happened

1 evidence item attached for review.

What is Different

Before

Scattered source updates, isolated context, and manual follow-up across multiple feeds.

Now

Why Track This

Why It Matters

Impact